Security Incidents mailing list archives

INCIDENTS () SECURITYFOCUS COM


From: Thor () HammerofGod com
Date: Mon, 14 May 2001 12:05:45 -0700


FWIW, IIS5.0/Exchange 2000 SMTP uses TCP 53 for DNS queries.
AD



Jason Lewis wrote:

DNS queries are on UDP port 53.  TCP port 53 is used for zone transfers.
By blocking TCP port 53 I can't do zone transfers, but clients can still do
lookups on UDP 53.  Since I have blocked TCP port 53, I have seen a decrease
in attack attempts on my name servers, primarily because that port isn't
open.  I do still see scans for the DNS ports, but nothing more than a port
scan.

My question is...Can anyone come up with any pros/cons of doing this?
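One con of filtering TCP 53 that the thread touches on (Thor's note that some resolvers simply query over TCP) has a protocol-level cousin: a UDP answer that does not fit in 512 bytes comes back with the TC (truncation) bit set, and a resolver is then expected to retry the same query over TCP 53. The following is an added example, not code from either poster: it builds a DNS query, shows the 2-byte length framing that distinguishes TCP 53 traffic, and parses a constructed truncated UDP reply to decide whether a TCP retry would be needed. Names such as `build_query` and `needs_tcp_retry`, the transaction id 0x1234 and the sample reply are all constructed for this illustration.

```python
import struct

TC_FLAG = 0x0200  # Truncation bit in the DNS header flags word (RFC 1035 section 4.1.1)


def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal DNS query (A record by default) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = b""
    for label in qname.rstrip(".").split("."):
        question += bytes([len(label)]) + label.encode("ascii")
    question += b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return header + question


def frame_for_tcp(message):
    """DNS over TCP carries each message behind a 2-byte big-endian length (RFC 1035 section 4.2.2)."""
    return struct.pack("!H", len(message)) + message


def split_tcp_stream(data):
    """Split a TCP 53 byte stream into individual DNS messages; a trailing partial message is dropped."""
    messages = []
    while len(data) >= 2:
        (length,) = struct.unpack("!H", data[:2])
        if len(data) < 2 + length:
            break
        messages.append(data[2:2 + length])
        data = data[2 + length:]
    return messages


def parse_header(message):
    """Decode the 12-byte DNS header into a dict."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),
        "truncated": bool(flags & TC_FLAG),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(udp_response):
    """A resolver that receives a truncated UDP answer must retry over TCP 53.
    With TCP 53 filtered, that lookup fails or returns only the partial answer."""
    return parse_header(udp_response)["truncated"]


def sample_truncated_reply(query):
    """Constructed sample reply (not captured traffic): the server's UDP answer to `query`
    did not fit in 512 bytes, so it echoes the question with TC set and no answer records."""
    (txid,) = struct.unpack("!H", query[:2])
    flags = 0x8000 | 0x0100 | 0x0080 | TC_FLAG  # QR, RD, RA, TC
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("example.com")
    reply = sample_truncated_reply(q)
    print("UDP reply truncated, TCP retry needed:", needs_tcp_retry(reply))
    stream = frame_for_tcp(q) + frame_for_tcp(reply)
    print("messages on the TCP 53 stream:", len(split_tcp_stream(stream)))
```

The practical upshot for the pros/cons question: a border rule that drops all of TCP 53 also drops these truncation retries and the clients Thor mentions, so the narrower control is to leave TCP 53 reachable and restrict zone transfers in the name server itself (for example, only to the secondaries' addresses), which removes the AXFR exposure without breaking ordinary lookups.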
